Blame SOURCES/wget-1.14-CVE-2017-13090.patch
|
 |
bc22e6 |
@@ -, +, @@
|
|
|
bc22e6 |
(CVE-2017-13090)
|
|
|
bc22e6 |
---
|
|
|
bc22e6 |
src/retr.c | 6 ++++++
|
|
|
bc22e6 |
1 file changed, 6 insertions(+)
|
|
|
bc22e6 |
--- a/src/retr.c
|
|
|
bc22e6 |
+++ a/src/retr.c
|
|
|
bc22e6 |
@@ -378,6 +378,12 @@ fd_read_body (const char *downloaded_filename, int fd, FILE *out, wgint toread,
|
|
|
bc22e6 |
remaining_chunk_size = strtol (line, &endl, 16);
|
|
|
bc22e6 |
xfree (line);
|
|
|
bc22e6 |
|
|
|
bc22e6 |
+ if (remaining_chunk_size < 0)
|
|
|
bc22e6 |
+ {
|
|
|
bc22e6 |
+ ret = -1;
|
|
|
bc22e6 |
+ break;
|
|
|
bc22e6 |
+ }
|
|
|
bc22e6 |
+
|
|
|
bc22e6 |
if (remaining_chunk_size == 0)
|
|
|
bc22e6 |
{
|
|
|
bc22e6 |
ret = 0;
|
|
|
bc22e6 |
--
|